Opinion
Cyber: The new frontier
“As technology evolves and the battle terrain changes, cyber criminals are quick to adapt and change their tactics, techniques and procedures accordingly,” writes Guy Caspi, CEO and Founder of Deep Instinct
In recent weeks, as winds of war blow throughout Eastern Europe, threatening to escalate into a global faceoff between East and West, we are seeing an unprecedented use of cyber attacks as significant tools of warfare, with capabilities to destroy infrastructures such as water, electricity, traffic routing, banks, and strategic institutions on either side.
As Israelis, when we imagine war, we think of a battlefield, the Iron Dome, planes, infantry, tanks and bombs. But cyber-attacks inflicted as part of the mutual chess game cause damage that is just as destructive as other military means, harming a nation's ability to carry on its life: from management of hospitals to cellular, water, and electricity networks, financial services, airports and ports.
Simultaneously, in other parts of the world, the ways in which we live and work have undergone fundamental change, with organizations embracing remote work models in response to COVID, and no intention of changing these although the pandemic is in decline. Many of the changes that seemed temporary and short-term have now been embraced by businesses and employees as the new standard. This transition to a "work anywhere" or hybrid model has expanded and doubled potential attack targets, making defenses less effective, as work from home does not take place behind an organization's firewalls.
A few worrying trends I have observed:
Supply chain attacks: Aggressors are taking increasing advantage of supply chain attacks to mount larger, wider-scale attacks, with a wider base of targets and damage that ranges from major to paralyzing for national infrastructures.
High profile attacks: There is a transition from covert attacks with long dwell times to rapid, high-profile attacks with significant and sometimes irreversible damage, in which many wipers are sent towards a large bank of cyber targets.
Collaboration between public/private sectors: One of the successful trends is the improved collaboration between private and public sectors in an effort to battle cyber threats, and this is indeed improving everywhere. However, because the public sector competes with the hi-tech industry over high-quality manpower, some national and semi-national facilities are maintained by manpower that is insufficiently experienced, and are not well-protected, in comparison to American or European oil companies, for instance.
Multitude of Zero-day attacks: Zero-day attacks are not new, but there seems to be an accelerated effort to develop and deploy this type of attack, primarily innovative ransomware with progressive file encoding methods and advanced wiper abilities. These are cybernetic missiles that, upon impact, delete ("wipe") all the station's data within seconds.
Weak link on cloud: All players in the cyber threat arena realize that the digital transformation and the transition to remote work have dramatically increased adoption of cloud services and SaaS (Software as a Service), and they direct more attacks at these weaker links.
What's going to happen:
First of all, despite all the cyber defense mechanisms, companies and governments are still impacted on a daily basis, because the lion's share of effort is still being invested in identification and treatment, and not in prevention – like the case of COVID, where the pandemic only declined after massive global inoculation, compared to the futility of simply trying to "identify" and match treatment, which did nothing to hold off the pandemic. This is why we need to realize that the world of cyber attacks has undergone significant change, and requires a drastic change in defense policies.
In addition, major attackers are clearly investing in anti-AI techniques and machine learning attacks of the adversarial type, integrating these methods in their overall stealth technology, which is rapidly evolving.
Supply chain attacks, once originating from national or political adversaries, are growing and there is an increasing number of criminal adversaries also embracing the tactic. These attacks require a high level of patience and sophistication which were formerly unavailable in the cyber attack arena.
In terms of the ubiquity of zero-day attacks, or at least their perceived ubiquity – I do not believe there are more zero-day vulnerabilities than before; I just think we're hearing more about them and discovering them more frequently.
We discover them more frequently because they are used more often, and not just by states. The issue with these attacks is that if I attack and I have access to a zero-day vulnerability, I have to be cautious about how I use it, because if I use it just to carry out a big noisy attack, I will lose the zero-day effect. But if I have a very specific goal, that's fine. It's worth it. I can burn my zero-day on that.
That's why this kind of information is important. And at Deep Instinct, the conversations we have with our clients help them by simulating and demonstrating the current map of threats, so they can take proactive steps to get ahead of the threat trends.
Other threats we can see looming on the horizon include the risk of VPNs as breach vectors, increased sophistication of cyberthreat players in their defense evasion tactics, intense focus on attacks against the healthcare system, and the increase of the "Malware as a Service" model.
Cyber criminals are merciless, but moreover – they are opportunists. As technology evolves and the battle terrain changes, cyber criminals are quick to adapt and change their tactics, techniques and procedures accordingly. Organizations need to be aware, and to take active measures to maintain effective cyber security for protection against coming threats.
Guy Caspi is the CEO and Founder of Deep Instinct